threatER provides the ability to manage security settings in the admin console. The Company Profile is only accessible to Company Master accounts and is where company-level settings can be made.
End users can use the standard sign-in process (username / password) or require remote authentication of users using single sign-on (SSO). In addition to these sign-in practices, admins can require multi-factor authentication to verify a user's identity at login and can control API access.
The Company Profile is accessible by selecting the person icon in the top-right navigation bar and then selecting Company Profile.
Single Sign-On (SSO) with Google
End users can log in to threatER via SSO if your organization subscribes to Google Workspace and your company's domain is registered with Google Workspace.
Enter Google Workspace credentials when the Google sign-in form displays. Additional screens may display if your organization has multi-factor authentication configured with Google Workspace. Provide threatER credentials to finish linking the accounts. This is a one-time linking operation.
Select the Sign On button to log in to the application.
New User Creation with SSO
In addition to the standard SSO login detailed above, Company Master and MSP Master admin accounts can configure their company to allow new user creation via SSO. With this setting properly configured, new users can be created via SSO on the login screen when they match one or more allowed domains.
Most customers won't enable this feature, since anyone with a valid domain credential would be able to log in to the system, which is often undesirable for access to security controls such as threatER. It may, however, be useful for some security organizations and possibly some MSPs to let their employees create accounts quickly without having to bother a Company Master or MSP Master to do so.
A Company Master or MSP Master account admin should navigate to the Company Profile to allow new users to be created via SSO.
Enable Allow SSO to Create New Users. You will have the option to select any role for automatically created users, though we strongly recommend the Read Only role to start.
Enter the applicable domain(s). Anyone with a valid login to the specified domain as registered with the SSO provider (the associated Google Workspace domain) will be able to create an account on the system. Select Add to add the domain and then click Save.
Once this setting is properly configured, a Company Master admin can direct new users to navigate to the login screen, select Sign On with Google and follow the prompts outlined above to access the Portal.
This feature doesn't preclude the existing mechanism for creating and managing users in the system. Company and MSP Master accounts can still manage users via Administration > Users > Create in the Portal.
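The sketch below is an added example, not threatER's code: it models the checks a service has to make before auto-creating a user from a Google sign-in, which is why the allowed-domain list and the starting role above matter. `SsoPolicy` and `provisioning_decision` are hypothetical names, the claims are assumed to come from an ID token whose signature has already been verified, and `email`, `email_verified` and `hd` are standard Google ID token claims.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SsoPolicy:                      # hypothetical model of the Company Profile settings
    allow_sso_user_creation: bool     # "Allow SSO to Create New Users"
    allowed_domains: frozenset        # domains added in the Company Profile
    default_role: str = "Read Only"   # recommended starting role

def provisioning_decision(policy, claims):
    """Return (allowed, role_or_reason) for a first-time SSO sign-in."""
    if not policy.allow_sso_user_creation:
        return False, "sso user creation disabled"
    if claims.get("email_verified") is not True:
        return False, "email not verified"
    email = str(claims.get("email") or "")
    if email.count("@") != 1:
        return False, "malformed email"
    email_domain = email.rsplit("@", 1)[1].lower()
    allowed = {d.lower() for d in policy.allowed_domains}
    # Exact match only: suffix or substring checks would admit
    # lookalikes such as "example.com.attacker.test".
    if email_domain not in allowed:
        return False, "domain not allowed"
    # Google includes `hd` only for accounts that belong to a Workspace
    # organization; without it a personal account could claim the address.
    if str(claims.get("hd") or "").lower() not in allowed:
        return False, "not a workspace account for an allowed domain"
    return True, policy.default_role

# Constructed sample data (not real accounts or tokens).
POLICY = SsoPolicy(True, frozenset({"example.com"}))
SAMPLES = {
    "employee": {"email": "Ana@EXAMPLE.com", "email_verified": True, "hd": "example.com"},
    "lookalike": {"email": "ana@example.com.attacker.test", "email_verified": True,
                  "hd": "example.com.attacker.test"},
    "no_hd": {"email": "ana@example.com", "email_verified": True},
    "unverified": {"email": "ana@example.com", "email_verified": False, "hd": "example.com"},
}

def run_samples(policy=POLICY):
    """Evaluate every constructed sample against the policy."""
    return {name: provisioning_decision(policy, c) for name, c in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in run_samples().items():
        print(f"{name:11s} -> {result}")
```
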
API
In order for an API key to be generated, a user with the Company Master admin role must first allow API access for the company account. A Company Master or MSP Master account admin should navigate to the Company Profile to allow API access.
Enable the Allow API Access toggle.
Each user will be able to generate the API key via the User Profile once API access is enabled. Click the person icon and select User Profile. Select the Generate button to initiate the Key and Secret. Copy the key values by clicking the copy icon and paste them in a safe location. When leaving the page, the secret key will be hidden and admins will not be able to view the key values again. If admins lose the secret key, a new API key will need to be generated.
Once the keys have been generated, Administrators can access our API documentation at this link to get started. Admins will need to select Authorize and enter the keys to use the API as needed. The generated API key will give the user access to the API endpoints with their assigned account permissions.
Enabling Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) is available to end users and Company Master admins who wish to enable a second factor of verification before allowing login to threatER.
End users have the option to activate authentication in instances where MFA is not turned on company-wide. Select User Profile in the top right corner and follow the steps listed under the Multi-Factor Authentication panel.
The MFA application is available by downloading and installing either the Google Authenticator, Authy, or Windows Phone Authenticator app for phone or tablet. After app installation, open the app and scan the barcode. Enter the verification code on the page in the admin console once configured and select Activate.
Company Master admins can also require all threatER users to enable MFA. Click the user icon in the top right and select Company Profile. Enable Require Multi-Factor Authentication by moving the slider to the right.
Users who don't have MFA enabled will be required to configure authentication upon next login. Users who have already configured MFA will not be required to reset their MFA.